Administrator’s manual
KASPERSKY® ADMINISTRATION KIT
VERSION 6.0
© Kaspersky Lab
Visit our website: http://www.kaspersky.com/
CHAPTER 6. MAINTENANCE
6.1. Renewing your license
6.2. Quarantine and backup storage
6.3. Event logs. Event filters
6.4. Reports
6.5. Finding computers
6.6. Computers filters
6.7. Virus outbreaks monitoring
6.8. Backup copying and restoration of the Administration server data
APPENDIX A. GLOSSARY
1
You can install MSDE from the distribution package included in the Kaspersky
Administration Kit distribution kit.
• Hardware requirements:
    • Intel Pentium II processor, 400 MHz or faster
    • At least 64 MB RAM
    • 10 MB of available hard drive space
Network Agent
• Software requirements:
    • For Windows systems:
        • Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows 2000 SP 1 or higher; Microsoft Windows NT4 SP 6a or higher; Microsoft Windows XP Professional x64 or higher, Microsoft Windows XP Professional SP 1 or higher, and Windows Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher, Microsoft Windows Vista, Microsoft Windows Vista x64.
    • For Novell systems:
        • Novell NetWare 6 with SP3 or higher; Novell NetWare 6.5 with SP3 or higher.
• Hardware requirements:
    • For Windows systems:
        • Intel Pentium processor, 233 MHz or faster
        • 32 MB RAM
        • 10 MB available space on hard drive
    • For Novell systems:
        • Intel Pentium 233 MHz or better
        • 12 MB RAM
        • 32 MB free (available) disk space
1.6. Conventions
Various formatting features and icons are used throughout this document
depending on the purpose and the meaning of the text. The table below lists the
conventions used in the text.
Convention    Meaning
Bold font     Menu titles, commands, window titles, dialog elements, etc.
Note          Additional information, notes.
Each computer included in the logical network structure can be connected
to only one Administration server.
The administrator must verify that computers are connected to the correct
Administration servers, using the find computer by network attributes
function to search for computers in the logical networks of various servers.
For more information about task types, refer to the documentation for
Kaspersky Lab applications.
To have an application perform an action, you should configure application
settings, create and configure a corresponding task and run it.
Application settings defined for each individual client computer via a local
interface or remotely via an Administration console will be called the local
application settings.
Centralized configuration of the settings of applications installed on the
client computers in the logical network is performed by defining policies.
A policy is a set of parameters of an application in a group. A policy includes
settings for complete configuration of all functions of the application, excluding
settings specific to individual tasks. Schedule settings are an example of such
task-specific settings.
Therefore a policy includes the following settings:
• common settings for all types of tasks (application settings);
• common settings for all individual tasks of each type (most task settings).
This means that the policy for the anti-virus application (see Figure 1) that
includes the real-time protection and on-demand scan tasks, contains all
required settings of the application's configuration for execution of both types of
tasks, but does not contain, for example, the schedule for execution of these
tasks or settings that define the scan scope.
Figure 1. Policy
Each setting in a policy has an attribute, a "lock", that indicates whether changing
this setting is allowed in the nested policies at lower hierarchical levels (for nested
groups and slave Administration servers), in the task settings and in the local
application settings. If there is a "lock" attached to a setting, you will not be
able to redefine its value (see section 2.1.6 on page 16).
In a group each application will have its own policy defined for it. Several policies
with different setting values may be defined for one application. However, each
application may only have one active policy.
An inactive policy can be activated based on an event, which makes it possible,
for instance, to establish stricter anti-virus protection settings during
periods of virus outbreaks.
You can also create policies for mobile users. Such a policy will be applied when
the computer is disconnected from the corporate logical network.
For different groups the application's operating settings may be different. In each
group a separate policy for an application may be created.
Nested groups and slave Administration servers inherit policies of groups of
higher level in the hierarchy.
Creation and configuration of tasks across a logical network is centralized. A task
assigned to an administration group is a group task; a task assigned to an
individual client computer is referred to as a local task; and a task assigned to
multiple client computers from different groups on the logical network is a global
task.
The tasks assigned locally to a particular client computer will only be executed
on this computer. Local tasks will be added to the list of current tasks for this
client computer during synchronization of this client with the administration
server.
Because all application settings are governed by the policy, you can only
redefine settings that have been defined as modifiable by this policy or settings
specific to a particular task. For example, for an on-demand scan of a drive, you
should specify the disk name, file masks, etc.
You can schedule tasks to start automatically or run them on demand. Task
performance results are saved both on the administration server and locally. The
administrator can be notified of task results or can view detailed reports.
Information about policies, application settings, global and group tasks is stored
on the server and distributed to the client computers during synchronization.
From clients, the administration server receives data about local changes not
restricted by the policy, applications running on client computers, their status,
and assigned tasks.
• if changes to a setting are allowed, then each client computer uses a local
value of the setting rather than the value specified in the policy. In
this case the value of the setting can be changed via the local application
settings.
Thus, when a task is being executed on a client computer, the application will
use values determined by:
• task settings and local application settings, if the policy did not prohibit
changes to this setting;
• a group policy, if the policy prohibited changes to this setting.
Changes to local application settings following the initial policy application are
defined under application policies in the Advanced dialog (cf. Figure 14).
• Reading:
    • connecting to the Administration Server;
    • viewing the structure of the logical network (or administration group);
    • viewing the values of the application's policies, tasks, and settings.
• Execution: launching and stopping the existing group or global tasks; receiving
  reports about the applications installed on the client computers.
• Writing:
    • creating a logical network, adding groups and client computers to this
      logical network (or to an administration group);
    • installation of the Network Agent component to the client computer;
    • creating required installation packages for the Kaspersky Lab's anti-virus
      applications and installing them (along with license keys to such
      applications) on the client computers;
    • updating the version of applications installed on the client computers;
    • creating policies, tasks for groups and individual computers, configuring
      application settings;
    • centralized administration of applications using services provided by the
      Administration Server, the Network Agent and the Administration Console
      components;
    • granting users and groups of users rights to access the functionality of
      Kaspersky Administration Kit.
After installation of the Administration server, users included in the KLAdmins
and KLOperators groups are granted, by default, rights to connect to the
Server and to work with the logical network.
Group data will be created during the installation of the Administration server
component irrespective of the account selected to launch the Administration
server service:
• in the domain that includes the Administration server and on the Administration
server computer, if the Administration server is launched under an
account of a user included in this domain;
• only on the Administration server computer, if this Server is launched under
the system account.
structure of the Windows network and rolling out the protection system based on
Versions 5.0 and 6.0 of Kaspersky Anti-Virus 5.0 for Windows Workstations.
[Figure labels: Tools Panel, Details Panel, Menu]
• Remote install
• Computers selections
• Events
• Tasks
• Licenses
• Storages
The Protection status folder provides information about the anti-virus
protection state both on the client computers and in the computer network
as a whole. This folder contains nested report pages that organize the
information as follows:
• Network – information about computers that are not included in the
logical network structures and the results of the current or the last
polling of the computer network by the Administration server.
• Administration groups – the status of the anti-virus protection on the
client computers of the logical network.
• Anti-virus protection statistics – statistical information about the virus
activities on the client computers of the logical network.
• Update – the state of the anti-virus database used by the applications
The Network folder displays the contents of the computer network in which the
Administration server is installed. The Administration server creates and updates
the information about the network structure and computers included in this
network by regularly polling the Windows network and IP subnetworks created in
the corporate computer network. The contents of the Network folder will be
updated based on this polling.
The Groups node is used to store, display, configure, and change the logical
network structure, group policies, and group tasks.
Root objects in the Groups folder correspond to the highest level of the logical
network hierarchy. The Administration Servers, Policies and Tasks folders are
mandatory for each group item. These folders are used to operate Administration
servers, policies and tasks of the upper hierarchical level.
The Update folder contains the list of updates received by the Administration
server that can be delivered to clients.
The Remote install folder contains the list of installation packages that can be
used to deploy applications to client computers of the logical network.
The Reports folder displays templates of reports on the status of logical network
protection.
The Computers selections folder is used to search for client computers using
specified search criteria, save the search results and display them in individual
folders of the console tree.
The Events folder displays a list of events registered during the operation of
the application, with information about them and about the results of task execution.
The Global tasks folder has a list of global tasks assigned to a set of logical
network computers.
The Licenses folder shows licenses installed on client computers.
The Storages folder is used to manage objects placed by the anti-virus
applications into the quarantine folders on the client computers and backup
copies of objects placed into the backup storage. However, the objects
themselves are not copied to the Administration server.
Remote install        Deployment wizard                               Create an application deployment task
                      Applications versions report                    Create and view a report about version of Kaspersky Lab’s applications installed on computers
                      New/Installation package                        Create a new installation package
                      All tasks / Application deployment task wizard  Create an application deployment task
Reports               New/Report template                             Create a new report template
Computers selections  New/New filter                                  Create a new filter to search for computers
Events                View/Filter                                     Apply a filter for the event preview table
Global tasks          All tasks / Import                              Import a task from a file
                      New/Task                                        Create a new global task
Licenses              Add license key                                 Install a new license key
                      License keys report                             Create and view a report about license keys installed on the client computers
In the details panel, each item selected in the console tree also has a specific
shortcut menu with options of how to treat it. The main elements and the
corresponding shortcut menu commands are listed in the table below.
Table 2
Element          Command     Action
Client computer  Protection  View information about the client computer anti-virus protection status
                 Task        Open a local computer properties configuration window on the Tasks tab
Connection attempts will be denied, if the user does not have the connection
rights. User rights are verified using the Windows user authentication
procedure.
If there are several Administration Servers on your Windows network, you can
manage these logical networks from an administration workstation. To select
Separate access rights can be granted for each group in the logical network.
This setting is configured on the Security tab of the group settings window.
The administrator can track users’ actions by events in the operation of the
Administration server registered in the event logs. Such events are assigned the
Information message level of importance and start with the word Audit. They are
displayed in the Audit Events folder under the Console Tree Events node.
2
In the above case, an antivirus application denotes an application which includes an
autoprotect component.
Based on the obtained information and logical network structure data, the
Administration server will update the Network group as well as the structure and
the contents of the Network folder. During the update, computers detected within
the network may be automatically included in the structure of the Network
folder specified by the administrator or in a specified administration group
within the structure of the logical network. Polling can be disabled for the
computers included in the structure of the Network group and in any nested
subgroup.
A master Administration Server’s Network folder also shows hosts attached to
a slave Administration Server’s logical network, and vice versa.
When a folder is selected in the console tree, its contents will be reflected in the
results pane.
In addition to the information displayed in the table of the Network folder, the
following information about each of the client computers may be displayed:
• On-demand scan – date and time of the last full anti-virus scan of the client
computer.
• Viruses detected – the total number of viruses detected on the client
computers since the installation of the anti-virus application (first computer
scan) or since the last reset of the value (counter of detected viruses).
The value is reset using the Reset virus counter command from the shortcut
menu or the Action menu.
• Real-time protection status – the current status of the real-time protection
of the client computer.
• Connection IP address – IP address of the connection between the client
computer and the Administration server.
Objects in the Groups folder are managed using the shortcut menu commands
(see section 2.10.4 on page 31) and links in the tasks pane.
In order to create a logical network that has a structure identical to the structure
of domains and workgroups of the Windows network, you can use the Initial
Configuration Wizard (see section 3.2 on page 37).
To create the designed logical network structure manually:
1. Connect to the required Administration server.
2. Organize a group hierarchy by creating nested groups.
3. Add client computers to the groups.
4. Add slave Administration servers.
The structure of the logical network is reflected in the Groups folder. You can
obtain information about each object of the logical network: slave servers, groups
and client computers. The data provided will show when the object
was created and when its settings were last modified. You can also review and, if
required, modify the settings used by the object (slave server, client computer or
all client computers in the group) to interact with the Administration Server.
In order to obtain information about specific client computers, you can use the
find computer function in the logical network, based on the specified criteria. You
can use information about the logical networks of the slave administration
servers for the purposes of this search. In order to perform such a search and
display information about computers in a separate folder of the console tree, use
the Create filter function.
If you have any changes in your corporate network configuration, do not forget to
make appropriate changes to the logical network. You can:
• Add any number of groups of any nesting level to your logical network
(you can add slave Administration servers and nested groups that form
next hierarchy level to a group).
You can also define what Kaspersky Lab applications will be
automatically installed on all client computers of this group.
3.5.1. Groups
In order to add a new group, use the New / Group command from the shortcut menu
of the group to which the nested group is being added. As a result, a new folder
with the indicated name will appear in the console tree, in the Groups node (see
Figure 7), within the folder you specified. The nested folders
Policies, Group tasks and Administration servers will be automatically
created in this folder. They will be filled when group policies are defined and
group tasks and slave Servers are created.
Client computers and nested groups that form the next hierarchical level can be
included in this group. Display of inherited policies and nested group tasks is
configurable.
You can also define which Kaspersky Lab's applications will be automatically
installed on all client computers added to the group.
You cannot rename the Groups folder because it is a built-in element of the
Administration Console.
A group can be deleted from the logical network if it does not contain slave
Administration servers, nested groups or client computers and has no tasks
or policies created for it. You can delete a selected group using the Delete
command from the shortcut menu or the analogous item in the Actions menu.
Adding client computers to the logical network can be configured in such a way
that the Administration server automatically includes all detected computers
in the specified administration group. For this, the corresponding
settings must be configured in the Network group properties (see Figure 10).
A computer can also be added in the main application window of Kaspersky
Administration Kit by dragging the computer from the Network folder to the
logical network folder with the mouse.
You can move client computers from one group to another, or exclude them
from the logical network, using the standard shortcut commands Cut / Paste and
Delete or the analogous items from the Action menu. Computers deleted from the
logical network will be moved to the Network group. The moving operation can
also be performed using the mouse.
Client computers can be moved from one logical network to another. For
example, when adding a slave Administration server, you can move client
computers from the Master Server logical network to a slave Server logical
network. In order to do this, the client computers must be connected to the new
Administration server.
A client computer is connected to another Administration server by
creating and launching the Change Administration server task. It
is possible to move either individual computers by creating a global task or all
client computers from a specific administration group using a group task. As a
result of execution of the Change Server task, the client computers for which
this task was created and successfully completed will be disconnected from the
old Administration server and will then appear in the Network group of the new
Server. Client computers can be deleted from the administration groups of the
old logical network and added to a new logical network manually using the
Administration Console.
You can connect a client computer to a different Administration Server locally
from the client computer.
This operation is performed using the klmover.exe utility included in the Network
Agent distribution package. After the installation of the Network Agent, this utility
will be located in the root installation folder of the component.
The policies and tasks received from a master Administration Server are not
available for modification on a slave server.
In order to add a slave Server, use the New / Administration server item for the
Administration server object in the required group. This will start the slave
server adding wizard. This wizard will perform the following:
• adding a slave Administration server;
• connecting the Administration Console to the slave Server;
• configuring the settings of the connection to the main Server;
• adding information about the slave Server to the database of the main
Administration server.
You can skip the connection and configuration stages and perform them
manually at a later time. In order to do this, connect to the Server that will be
used as the slave Server via the Administration Console and indicate the settings
for its connection to the main Server (see Figure 11).
After the slave Administration server has been successfully added, the Server's
icon and name will be displayed in the corresponding group in the
Administration servers folder.
You can manage the logical network of the slave Administration server via the
Administration servers node of the main Server's logical network or directly by
adding the Server to the console tree as a new Administration server.
The slave Server is a full-fledged Administration server and performs all
functions of the Administration server within its logical network.
Additionally, a slave Administration server inherits from the main Server all group
tasks and policies of the group into which it is included. Inherited policies and
tasks are reflected on the slave Server as follows:
• Icon will be displayed next to the policy name received from the main
Administration server. (The regular policy icon is ).
• The values of the settings of the inherited policy will not be accessible for
changes on the slave Server.
• Settings that are not allowed to be modified in the inherited policy are not
accessible for changes (icon ) in all application policies on the slave
Server and use values specified in the inherited policy.
• Values of the settings that are allowed to be modified in the inherited policy
can be changed in policies of the slave Server (icon ). If the setting
was not "locked" in the slave Server policy, it can be changed in the application
or task settings (see section 2.1.7 on page 18).
• Icon will be displayed next to the group task name received from the
main Administration server. (The regular task icon is ).
You can only create a policy for an application if the plug-in for this application
is installed on the administrator workstation.
To create a policy use the New / Policy command from the shortcut menu of the
Policy folder. At this stage of the policy creation, you configure a minimum set of
parameters required for operation of the application. All other settings are set by
default and correspond to default values applied during the local installation of
the application.
A detailed description of the policy settings for Kaspersky Lab's applications
is provided in the Manuals for these applications.
Later you can modify the values of the settings, prohibit changes to them in the
policies of nested groups and in the application's settings (see Figure 12).
Local settings have higher priority than the policy settings (see
section 2.1.7 on page 18). If you wish to use the value specified in the policy for a
particular setting, you must lock that setting.
After a new policy is created, it is added to the Policies folder (see Figure 13) of
the corresponding group and will be applied to all nested groups and slave
Administration servers included in that group as the inherited policy.
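The lock and inheritance rules described above (a setting locked at a higher level cannot be redefined below it, and an unlocked setting yields to the local value) can be modelled as follows. This is an added illustrative example, not Kaspersky Lab code; the setting names, the level names and the fallback to the policy value when a client has no local value are assumptions made for the illustration.

```python
"""Toy model of "lock"-based policy inheritance (constructed example)."""
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple


@dataclass(frozen=True)
class Setting:
    value: Any
    locked: bool = False  # the "lock" attribute of a policy setting


Policy = Dict[str, Setting]
# Policies ordered from the top of the hierarchy down to the client's group.
Chain = List[Tuple[str, Policy]]


def merge_policies(chain: Chain) -> Dict[str, Tuple[Setting, str]]:
    """Fold the chain into one inherited policy: {name: (setting, level)}.

    A lower level may redefine a setting only while no higher level has
    locked it; once locked, later redefinitions are ignored.
    """
    merged: Dict[str, Tuple[Setting, str]] = {}
    for level, policy in chain:
        for name, setting in policy.items():
            inherited = merged.get(name)
            if inherited is not None and inherited[0].locked:
                continue  # locked above: the lower-level value is not used
            merged[name] = (setting, level)
    return merged


def resolve(chain: Chain, local: Dict[str, Any]) -> Dict[str, Dict[str, Any]]:
    """Return, per setting, the value a client uses and where it came from."""
    merged = merge_policies(chain)
    report: Dict[str, Dict[str, Any]] = {}
    for name in sorted(set(merged) | set(local)):
        if name not in merged:
            # Not covered by any policy: purely local.
            report[name] = {"value": local[name], "source": "local",
                            "enforced": False, "drift": False}
            continue
        setting, level = merged[name]
        if setting.locked or name not in local:
            # Locked: policy wins. Missing local value: assumed fallback.
            value, source = setting.value, f"policy:{level}"
        else:
            # Unlocked: the local value has priority over the policy.
            value, source = local[name], "local"
        report[name] = {"value": value, "source": source,
                        "enforced": setting.locked,
                        "drift": value != setting.value}
    return report


def unenforced_drift(report: Dict[str, Dict[str, Any]]) -> List[str]:
    """Settings whose effective value differs from the policy value.

    These are candidates for locking if the policy value is meant to hold.
    """
    return [name for name, row in report.items() if row["drift"]]


# Constructed sample data (hypothetical setting names).
MASTER: Policy = {
    "realtime_protection": Setting(True, locked=True),
    "scan_archives": Setting(True),
    "heuristic_level": Setting("medium"),
}
NESTED: Policy = {
    "realtime_protection": Setting(False),        # ignored: locked by master
    "scan_archives": Setting(True, locked=True),  # locked at this level
    "heuristic_level": Setting("high"),           # redefined, still unlocked
}
LOCAL = {"realtime_protection": False, "scan_archives": False,
         "heuristic_level": "low", "ui_language": "en"}
CHAIN: Chain = [("master", MASTER), ("nested-group", NESTED)]

if __name__ == "__main__":
    result = resolve(CHAIN, LOCAL)
    for name, row in result.items():
        print(f"{name:20} {row}")
    print("not enforced, differs from policy:", unenforced_drift(result))
```

Only `heuristic_level` ends up governed by the client, which is the practical reading of the rule above: a policy value that is not locked is a default, not a control.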
You can delete, copy, export or import created policies from one group to another
using the shortcut menu commands of the policy selected in the results pane.
Several group policies may be created for each application; however, there can
be only one active policy. Such a policy must have the Active policy parameter
selected in its settings.
The policy can be activated automatically, triggered by a certain event. However,
you can return to the previous policy only manually.
You can also create a policy for mobile users that will be enforced immediately
after the computer is disconnected from the corporate logical network.
A node is considered disconnected from a logical network following three
unsuccessful attempts to connect to the Administration Server. The time
between attempts is configured through Administration Agent settings using the
Synchronization Period (Minutes) field and is set to 15 minutes by default.
The results of the policy deployment can be viewed via the Management
Console in the Administration Server policy properties window (see Figure 15).
Changes to local application parameters on each client depend on the option
selected in the Advanced window. This window is accessible through the
Advanced link on the policy properties window Enforcement tab.
Local parameters will update automatically based on the option selected when a
policy is first applied to a client, i. e. when:
• a client is added to an area where the policy is applicable;
• a policy is enabled;
• an antivirus to which the policy is applicable is installed on a client.
One of the options below may be selected:
• Do not modify local settings. This would cause only parameters marked
with under policy settings to be applied to an application. Remaining
parameters will be governed by local settings. This is the default option.
After a policy is deleted or revoked, applications will revert to values in
effect before the policy was applied.
• Apply mandatory policy settings to the local settings at first policy
application. This would result only in parameters marked with under
policy settings being enforced with respect to an application.
After a policy is deleted or revoked, only parameters editable under
policy (i.e. those marked with ) will revert to their original values.
• Apply all policy settings to the local settings at first policy
application. This would cause all local parameters to assume values as
per policy settings.
After a policy is deleted or revoked, the application will continue with
policy-defined settings. Settings may subsequently be modified manually.
A policy may also be modified manually. Click on Change Now (cf. Figure ). This
would cause a policy to be applied based on settings selected above.
The way the values of the local application's settings change on each client
computer depends on the status of the Apply mandatory policy settings to the
local settings at first policy application box (see section 2.1.7 on page 18).
Additionally, you can match the settings to the selection you have made
manually irrespective of whether the policy has been enforced. In order to do it
press the Change now button (see Figure 15).
The policy will be applied in the following way. If resident tasks (real-time
protection) were running on a client, they will seamlessly switch to the new
settings' values. If there are periodic tasks currently running on a client (on-
demand scans, database updates), they will continue working with old values.
The new settings' values will be applied upon the next startup of these tasks.
You can view the application settings, after the new policy has been applied, via
the Management console in the properties window of the specific client
computer.
In case of a hierarchical structure, slave administration servers retrieve policies
from the master Server and then apply these policies on client computers. Policy
settings can be changed only on the master Administration Server. After this, the
slave servers correspondingly modify the policies and deploy them to client
computers.
In the event that the connection between the Master Administration Server and
slave Administration Servers is broken, a policy remains in effect on the slave
servers with previous settings. Any policy settings updated on the Administration
Server will propagate to slave servers once a connection is reestablished.
If the connection between an Administration Server and a client is broken, either
the policy for roaming users goes into effect on the client (if defined) or the policy
remains in effect with prior settings until a connection is reestablished.
The results of policy deployment on slave administration servers are displayed in
the policy properties window on the master Administration Server.
You can similarly view the results of the policy deployment on the client
computers in the policy properties window of the slave administration server after
you connect to it.
A detailed description of the policy settings for Kaspersky Lab's applications is
provided in the applications' Guides. Policy configuration for the Network Agent
and the Administration server is described in the Reference Book for Kaspersky
Administration Kit.
In order to ensure network protection the administrator can create any number of
various tasks (except tasks that can be created only once) for all applications
that are managed using Kaspersky Administration Kit.
For example, in order to scan client computers that are workstations, for
malware, you have to create an On-demand scan task for Kaspersky Anti-Virus
for Windows Workstations.
Application management functions and general service operations perform tasks
of the Kaspersky Administration Kit, Administration server and Network Agent
components. The following type of tasks are defined for this component:
• Change of the Administration server.
• Launching / stopping the application.
• Application deployment.
• Application remote uninstallation.
• Receiving updates by the Administration server.
• Creating a backup copy of the Administration server.
• Sending reports.
• Distribution of the installation package.
Tasks of these types have several distinctive features as far as creation and
launching are concerned. A detailed description of managing these tasks is
provided in the Kaspersky Administration Kit Reference Book.
You can create group, global, and local tasks for all types of tasks.
For deployment, both group and global tasks can be created. For the receiving
updates, creating a backup copy and sending reports tasks, only global tasks
can be created.
The Receiving updates and Creating a backup copy of the Administration
server tasks can each be created only as a single instance and can be executed
for one computer only - the Administration server.
In order to create a task use the New / Task command from the shortcut menu
for the Group tasks folder or the Global tasks folder.
Created group tasks will be located in the nested folders Group tasks of the
corresponding groups (see Figure 17). Global tasks will be located in a special
container in the console tree called Global tasks. You can review the list of local
tasks of the client computer in the client computer properties window.
You can also enable automatic computer shutdown after the scheduled task has
been completed.
The task execution time can be restricted; in this case the task will be stopped
once the time period specified in the time settings has elapsed. You can also
disable the scheduled task launch. In this case the task will not be
deleted, but it will not be launched either.
Additionally, you can start a task, interrupt it, pause or resume a task manually
using the shortcut menu commands or from the task settings viewing window
(see Figure 21).
Tasks on the client computer are executed only if the corresponding application
is running. Once you close the application, all running tasks will be terminated.
You can monitor task execution and view results of its execution in the task
settings window (see Figure 21).
Results of task execution are registered and saved in accordance with the
settings in the Windows event logs and the Kaspersky Administration Kit event
logs, both in a centralized location on the Administration server and on each
client computer locally. The administrator and other users can be notified about
the results of task execution; the form and the method of notification are also
determined by the task settings.
You can view the results of the task execution registered in the Kaspersky
Administration Kit via the Events node of the console tree. You can review
results of tasks execution for each client computer in this computer's properties
window.
With the hierarchical structure of the Administration servers, if the corresponding
parameter is included into the task settings (see Figure 21), the slave Servers
will receive group tasks from the main Administration server and then distribute
them to the client computers. The group task's settings can be modified on the
main Administration server. After this the slave Administration servers will
accordingly modify their group tasks and distribute them to the connected client
computers.
Results of the distribution of a group task to the slave Administration servers will
be reflected in the Task execution results window of the Administration server
group task properties window.
Similarly, you can review the results of the group task distribution to the client
computers in the slave Administration server group task properties window after
you have connected to the slave Administration server.
CHAPTER 5. UPDATING THE ANTI-VIRUS DATABASE AND PROGRAM MODULES
If you used the Quick Start Wizard, the task of receiving updates by the
Administration server has already been created and is located in the Global
tasks node of the console tree.
In order to create the task for receiving updates by the Administration server,
launch the task creation wizard for the Global tasks node. As the application for
which the task is created select Kaspersky Administration Kit, as the type of
the task - Receiving updates by the Administration server (see Figure 22).
Figure 22. Creating an updating task. Selecting application and task type
As the result of the execution of the task for receiving updates by the
Administration server, the anti-virus database and the application modules
updates will be downloaded from the updates source and placed into the public
access folder.
From the public access folders the downloads will be distributed to the client
computers (see section 5.2 on page 68) and slave Administration servers (see
section 5.3 on page 69).
The following resources can be used as the update source for the Administration
server:
• Kaspersky Lab’s updates servers;
• Main Administration server;
• ftp- / http server or the network updates folder.
The use of the particular resource depends on the task settings.
If the updates are performed from ftp / http servers or from the network folder,
then in order to ensure correct updating of the server, the folder structure
copied to these resources must match the structure created by Kaspersky Lab's
tools when the updates are copied.
You can review information about received updates in the Update container of
the console tree; the list of updates is displayed in the results pane (see Figure
24).
Administration server and in order to avoid mistakes and errors when creating
the update tasks for the logical networks with a large number of client computers.
In order to decrease the load on the Administration servers we recommend that
you use the updating agents that would ensure distribution of the updates within
the administration group.
To view information about what license keys are installed for an application on a
specific client, open the application properties dialog box.
To install a license key, you should create an Install license key task.
The Install license key task can be a group task, a global task, or a local task.
You can create a global task to install license key using the wizard.
In order to replace the installed license key or install a license key as the current
key, you can use a task you created earlier by changing its settings before using
it.
The procedure used for saving the task execution results, the form and the
method of notification about them is determined in the task settings.
Notification can be performed by sending a message by e-mail or via the
network, or by launching an application or a script.
Information about registered events and results of task execution may be stored
in a centralized location on the Administration server or, for each client computer,
locally on the computer.
You can view information saved in the Microsoft Windows event log using the
standard MMC Event Viewer tool. You can view the event log of Kaspersky
Administration Kit saved on the Administration server using the Events node of
the console tree (see Figure 31).
Figure 31. Viewing information of the Kaspersky Administration Kit event log
Registered events are deleted automatically after the expiration of the storage
period specified by the policy, or manually using the Purge command of the
shortcut menu. You can delete an individual event selected in the results pane,
all events, or events that satisfy certain conditions.
You can review the list of events registered during the application operation for
each client computer in its property window (see Figure 33). It displays
information of the Kaspersky Administration Kit event log stored on the
Administration server. In order to search for information, you can use the event
filter.
6.4. Reports
You can receive reports about the status of the anti-virus protection system
based on the information stored on the Administration Server.
Antivirus protection status may also be tracked on a client using data written to
the system registry by the Administration Agent.
Reports can be created for:
• the anti-virus protection system in general;
• computers included into a certain administration group;
• a set of client computers within various administration groups;
• anti-virus protection system of the logical networks of the slave
Administration servers.
The following reports can be generated:
• Anti-virus database version report - contains information about version
of the anti-virus database used by the applications.
You can generate reports based on previously created templates. Most default
templates are located in the console tree under Reports (see Figure 34).
Additional templates may be selected through the Report Wizard.
Figure 34. Viewing task execution results stored on the Administration server
Depending on the node for which the search is performed, the results of the
search may be as follows:
• The Group group – a search for client computers connected to the
logical network of the Administration server into which the selected group is
included.
The search is performed based on the information about the logical
network structure and networks of the slave Administration servers (if the
Include data from the slave Servers box is checked in the search
parameters).
• The Network group – a search for computers that are within the network in
which the Administration server is installed but are not included in the
logical network structure.
The search is performed based on the data obtained as the result of the
polling of the computer network by the Administration server and the
slave Servers (if the Include data from the slave Servers box is
checked in the search parameters).
The search results will include client computers included into the Network
group selected for the search and in the Network groups of all slave
Servers (if the Include data from the slave Servers box is checked in
the search parameters).
• Administration server <server name> – full search for computers.
The search is performed based on the information about the logical
network structure and data obtained as the result of the polling of the
computer network by the selected Administration server and the slave
Servers (if the Include data from the slave Servers box is checked in
the search parameters).
The search results will include:
• client computers of the logical network of the selected
Administration server and all its slave Servers (if the Include
data from the slave Servers box is checked in the search
parameters).
• computers of the Network group of the selected Administration
server and of the Network groups of all its slave Servers (if the
Include data from the slave Servers box is checked in the
search parameters).
In order to search for, save and display information about computers in a
separate folder of the console tree use the create filters function.
Information about new computers is provided based on the results of the poll of
the computer network by the Administration server.
You can create additional filters. In order to create a filter, use
the New / New filter item from the shortcut menu for the Computer filters node.
As a result, a new folder with the name you have specified for the filter will
appear in the Computer Selections in the console tree. In order to add
computers to the selection, configure the filter
parameters (see Figure 38). The selection can be used for searching and for
subsequently moving the selected computers into the administration groups.
Computers are moved using the mouse.
An event may be logged for several application types. In order to enable the virus
attack detection mechanism click on checkboxes next to the desired application
types:
• Workstation and File Server Antivirus;
• Perimeter Defense Antivirus;
• Mail System Antivirus.
For each application type specify the virus activity threshold which, when
exceeded, will trigger the Virus Outbreak event:
• Viruses field: number of viruses detected on the logical network by
applications of this type;
• In (minutes): time interval during which the above number of viruses was
discovered.
The Virus attack event is created based on the Virus detected event and the
Virus, Worm, Trojan, or Hacker Software Detected event in the operation of the
anti-virus application. Therefore, in order to successfully detect a virus
outbreak, all information about the above events must be stored on the
Administration server.
When the Virus detected and Virus, Worm, Trojan, or Hacker Software Detected
events are counted, only information from the client computers of the main
Administration server is taken into account.
The Virus attack event is configured individually for each slave Server.
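The threshold logic described above, shown as an added example that is not taken from Kaspersky Administration Kit: it counts the two source events per application type over a sliding window and reports each time the count first exceeds the Viruses value within the In (minutes) interval. The record layout, the from_slave flag, the window boundary handling and all sample events are assumptions constructed for this example.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Application types listed in the manual.
WORKSTATION = "Workstation and File Server Antivirus"
PERIMETER = "Perimeter Defense Antivirus"
MAIL = "Mail System Antivirus"

# The two source events the manual says the Virus attack event is based on.
VD = "Virus detected"
VWT = "Virus, Worm, Trojan, or Hacker Software Detected"
COUNTED_EVENTS = {VD, VWT}


@dataclass(frozen=True)
class Threshold:
    viruses: int   # "Viruses" field
    minutes: int   # "In (minutes)" field


@dataclass(frozen=True)
class Event:                   # hypothetical record layout
    time: datetime
    app_type: str
    name: str
    host: str
    from_slave: bool = False   # hypothetical: client belongs to a slave Server


def find_outbreaks(events, thresholds):
    """Return (app_type, time) for each moment a threshold is first exceeded.

    thresholds maps only the application types with detection enabled.
    Assumed window: events in (t - minutes, t] are counted at time t.
    """
    windows = {app: deque() for app in thresholds}
    alerting = {app: False for app in thresholds}
    outbreaks = []
    for ev in sorted(events, key=lambda e: e.time):
        # Only the two source events count, and only from clients of the
        # main Administration server.
        if ev.name not in COUNTED_EVENTS or ev.from_slave:
            continue
        limit = thresholds.get(ev.app_type)
        if limit is None:      # detection not enabled for this type
            continue
        window = windows[ev.app_type]
        window.append(ev.time)
        cutoff = ev.time - timedelta(minutes=limit.minutes)
        while window and window[0] <= cutoff:
            window.popleft()
        exceeded = len(window) > limit.viruses   # "when exceeded"
        if exceeded and not alerting[ev.app_type]:
            outbreaks.append((ev.app_type, ev.time))
        alerting[ev.app_type] = exceeded         # report once per outbreak
    return outbreaks


def at(hhmm):
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample data, not real telemetry.
SAMPLE_THRESHOLDS = {WORKSTATION: Threshold(3, 10), MAIL: Threshold(2, 5)}
SAMPLE_EVENTS = [
    Event(at("09:00"), WORKSTATION, VD, "pc-01"),
    Event(at("09:01"), WORKSTATION, "Task completed", "pc-01"),  # not counted
    Event(at("09:02"), WORKSTATION, VWT, "pc-02"),
    Event(at("09:03"), WORKSTATION, VD, "pc-90", from_slave=True),  # ignored
    Event(at("09:04"), WORKSTATION, VD, "pc-03"),
    Event(at("09:05"), WORKSTATION, VD, "pc-04"),   # 4 in 10 minutes > 3
    Event(at("09:06"), WORKSTATION, VD, "pc-05"),   # same outbreak, no repeat
    Event(at("10:00"), MAIL, VD, "mx-01"),
    Event(at("10:03"), MAIL, VD, "mx-01"),
    Event(at("10:05"), MAIL, VD, "mx-01"),   # 10:00 left the window: 2, not > 2
    *[Event(at("10:0%d" % i), PERIMETER, VD, "gw-01") for i in range(5)],
    *[Event(at("11:0%d" % i), WORKSTATION, VD, "pc-1%d" % i) for i in range(4)],
]

if __name__ == "__main__":
    for app_type, when in find_outbreaks(SAMPLE_EVENTS, SAMPLE_THRESHOLDS):
        print(when.strftime("%H:%M"), "Virus attack:", app_type)
```

The perimeter events never trigger because that application type has no threshold in the sample configuration, which corresponds to leaving its checkbox cleared.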
B
Block object – Prevent external applications from accessing an object. The
blocked object cannot be read, executed, modified, or deleted.
Backing up – copying data of the Administration server for storage and
subsequent restoration performed by the backup utility. The utility
allows you to save:
• the Administration Server database that stores policies, tasks,
application settings, and events logged on the Administration Server;
• information about the logical networks and client configurations;
• installation files for the remote installation of applications (contents of
the Packages, Uninstall, Updates folders);
• the Administration Server certificate.
BACKUP folder – A directory that contains backups of deleted and
disinfected objects.
Backup storage – A folder that contains the backup copies of
Administration Server data created by the backup utility.
C
Console (management) plug-in – A special component that provides an
interface for remotely managing an application through the
Administration Console. The plug-ins are specific to each application
and are included in all Kaspersky Lab applications that can be managed
through Kaspersky Administration Kit.
Centrally managing an application – Managing an application through
Kaspersky Administration Kit.
Client, Administration Server (or client computer) – a computer, a server,
or a workstation with the installed Network Agent and managed
Kaspersky Lab applications.
D
Disinfection – A method of treating infected objects. Disinfection implies
partial or full recovery of data or results in a decision that these files
cannot be disinfected. Objects are disinfected using the anti-virus
database. If disinfection is the first action to be applied to an object, i.e.
the first action after detection of a suspicious object, the program
creates a backup of this file. If some data are lost during disinfection,
you can use the backup to recover this object.
Deleting an object – A method of handling an object. To delete an object is
to remove it physically from a computer. This method is recommended
for treating infected objects. If deleting is the first action applied to an
object, it is necessary to create a backup of this object before deleting it.
You can use the backup to restore the original object.
E
Exclusions – User-defined settings that exclude certain objects from scans.
You can customize the exclusion rules for real-time protection and
on-demand scans. For example, you can disable scanning of archives during a full
scan or exclude files from scans by their masks.
E-mail databases – Databases that contain e-mail messages stored on
your computer. Every incoming/outgoing message is saved in the
database after you receive/send it. Such databases are scanned in the
on-demand scanning mode.
G
Global task – A task defined for and running on a number of clients from
different administration groups.
Group Task – A task defined for and running on all clients in a group.
Group policy – A set of application settings in an administration group
managed through Kaspersky Administration Kit. Group policies can be
different for each group. Group policies are specific to individual
applications. The policy involves configuration of all parameters of
applications.
I
IChecker technology – A technology that excludes from future scans the
objects that have remained unmodified since the last scan. The IChecker
technology is implemented using the object checksum database.
IStreams technology – A technology that excludes from scans the files
stored on NTFS-formatted disks that have remained unmodified since the last
scan. The IStreams technology is implemented by storing file checksums in
additional NTFS streams.
Infected object – An object containing a virus. We recommend that you
abandon working on these objects because they can infect your
computer.
Installation package – A package of files used to install Kaspersky Lab
applications on remote hosts on a logical network. Installation packages
are based on a special .kpd file included in the application distribution
kit, which contains a minimum set of parameters that provide the basic
functionality of the application immediately after the installation. The
values of the parameters are default settings of the applications.
K
Kaspersky Lab update servers – A list of http and ftp Kaspersky Lab
websites from which you can copy updates to your computer.
Kaspersky Administration Kit – An application for centralized performance
of key administrative tasks. It gives you complete control over the
enterprise anti-virus policy based on Kaspersky Lab applications.
L
License key – A file with the .key extension that serves as your personal
"key". This file is required for correct operation of Kaspersky Lab
applications. The license key is included in the distribution kit if you
• Error
• Warning
• Info
Events of the same kind can be of different severity levels, depending on a
specific situation.
Startup objects – A set of programs that are necessary for launching and
smooth operation of the operating system and other software installed
on your computer. Your operating system launches these objects during
each startup. Some viruses attempt to infect the startup objects and can
cause a startup failure.
Suspicious object – An object that contains either a modified code of a
well-known virus or a code reminiscent of a virus yet unknown to
Kaspersky Lab specialists.
Scan files by format – In this scanning mode, the program analyzes the
contents of a file, namely, the format identifier in the file header.
Scan files by extension – In this scanning mode, the program takes into
account the extension of the scanned file.
T
Task – A named action performed by a Kaspersky Lab application.
Third party application – An anti-virus application by a third-party vendor
or a Kaspersky Lab's application not supporting administration via
Kaspersky Administration Kit.
U
Unknown virus – A new virus that is not recorded in the anti-virus
database. As a rule, Kaspersky Anti-Virus detects unknown viruses
using a heuristic code analyzer, and objects containing these viruses
are identified as suspicious.
Updating – A function of Kaspersky Anti-Virus that updates/adds new files
(anti-virus database or program modules) retrieved from Kaspersky Lab
update servers.
Updating agents - computers that act as intermediate centers for
distributing updates and installation packages within the administration
groups.
V
Virtual drives (RAM drives) – A part of RAM emulating a normal physical
disk of a personal computer.
Virus activity threshold – number of viruses detected for a specified time
interval. When this number is exceeded, the situation is regarded as a
Virus outbreak (virus attack). This parameter is important for defining
virus epidemics because the administration can respond in a timely
3
Depending on the type of distribution kit.
B.2. Contact Us
If you have any questions, comments, or suggestions, please refer them to one
of our distributors or directly to Kaspersky Lab. We will be glad to assist you in
any matters related to our product by phone or via email. All of your
recommendations and suggestions will be thoroughly reviewed and considered.
accessing or using the Software. Use of software or hardware that reduces the
number of Client Devices or seats directly accessing or utilizing the Software
(e.g., “multiplexing” or “pooling” software or hardware) does not reduce the
number of licenses required (i.e., the required number of licenses would equal
the number of distinct inputs to the multiplexing or pooling software or hardware
“front end”). If the number of Client Devices or seats that can connect to the
Software exceeds the number of licenses you have obtained, then you must
have a reasonable mechanism in place to ensure that your use of the Software
does not exceed the use limits specified for the license you have obtained. This
license authorizes you to make or download such copies of the Documentation
for each Client Device or seat that is licensed as are necessary for its lawful use,
provided that each such copy contains all of the Documentation proprietary
notices.
1.3 Volume Licenses. If the Software is licensed with volume license terms
specified in the applicable application invoicing or packaging for the Software,
you may make, use or install as many additional copies of the Software on the
number of Client Devices as the volume license terms specify. You must have
reasonable mechanisms in place to ensure that the number of Client Devices on
which the Software has been installed does not exceed the number of licenses
you have obtained. This license authorizes you to make or download one copy of
the Documentation for each additional copy authorized by the volume license,
provided that each such copy contains all of the Document’s proprietary notices.
2. Duration. This Agreement is effective for the period specified in the Key
File (the unique file which is required to fully enable the Software, please see
Help/ about Software or Software about, for Unix/Linux version of the Software
see the notification about expiration date of the Key File) unless and until earlier
terminated as set forth herein. This Agreement will terminate automatically if you
fail to comply with any of the conditions, limitations or other requirements
described herein. Upon any termination or expiration of this Agreement, you
must immediately destroy all copies of the Software and the Documentation. You
may terminate this Agreement at any point by destroying all copies of the
Software and the Documentation.
3. Support.
(i) Kaspersky Lab will provide you with the support services (“Support
Services”) as defined below for a period of one year following:
(a) payment of its then current support charge, and;
(b) successful completion of the Support Services Subscription Form as
provided to you with this Agreement or as available on the Kaspersky Lab
website, which will require you to produce the Key Identification File which will
have been provided to you by Kaspersky Lab with this Agreement. It shall be at
the absolute discretion of Kaspersky Lab whether or not you have satisfied this
condition for the provision of Support Services.
(iii) Kaspersky Lab does not warrant that this Software identifies all known
viruses, nor that the Software will not occasionally erroneously report a virus in a
title not infected by that virus;
(iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of
the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or
refund of the Software if reported to Kaspersky Lab or its designee during the
warranty period. You shall provide all information as may be reasonably
necessary to assist the Supplier in resolving the defective item;
(v) The warranty in (i) shall not apply if you (a) make or cause to be made
any modifications to this Software without the consent of Kaspersky Lab, (b) use
the Software in a manner for which it was not intended or (c) use the Software
other than as permitted under this Agreement;
(vi) The warranties and conditions stated in this Agreement are in lieu of all
other conditions, warranties or other terms concerning the supply or purported
supply of, failure to supply or delay in supplying the Software or the
Documentation which might but for this paragraph (v) have effect between the
Kaspersky Lab and you or would otherwise be implied into or incorporated into
this Agreement or any collateral contract, whether by statute, common law or
otherwise, all of which are hereby excluded (including, without limitation, the
implied conditions, warranties or other terms as to satisfactory quality, fitness for
purpose or as to the use of reasonable skill and care).
7. Limitation of Liability
(i) Nothing in this Agreement shall exclude or limit Kaspersky Lab’s liability
for (i) the tort of deceit, (ii) death or personal injury caused by its breach of a
common law duty of care or any negligent breach of a term of this Agreement,
(iii) any breach of the obligations implied by s.12 Sale of Goods Act 1979 or s.2
Supply of Goods and Services Act 1982 or (iv) any liability which cannot be
excluded by law.
(ii) Subject to paragraph (i), the Supplier shall have no liability (whether in
contract, tort, restitution or otherwise) for any of the following losses or damage
(whether such losses or damage were foreseen, foreseeable, known or
otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on
contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;